Philip Prindeville wrote:

> HELO localhost.localdomain
> from 192.150.1.3, then it will reject that the session... with a 5xx
> message... and will also blacklist incoming connections from that
> site for the next 4 hours... If another connection comes in from
> that address during that 4 hour period, maybe double or quadruple
> the wait period.

I do a similar thing, but I feed data into a Perl script that plays with my iptables rules. Obviously, to fiddle with iptables rules requires root privileges, hence the separate script.

> One other thing I wasn't sure about doing, was adding "simultaneity"
> locking as well. That is, blacklisting additional connections from
> the same site during the duration of a connection. Most legitimate
> MTAs will open a single connection per site, and then spool
> multiple messages over a single connection.

Sendmail 8.13 can do all of that (and more) with its "conncontrol" and "ratecontrol" features.

[...]

> I've been wondering about coming up with a standardized format
> for tests,

This is explicitly *not* a goal of MIMEDefang. My belief is that in order to combat current and future e-mail threats, you need a proper programming language, and Perl is about as good as any. In my opinion, going to something like XML would be a massive step backward.

[... rest elided - I have no comments on it ...]

Regards,

David.

_______________________________________________
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
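The escalating blacklist discussed in the message above, sketched in Perl as an added example; it is not code from either poster or from MIMEDefang. The function names, the in-memory hash, the `550 5.7.1` reply text and the one-week cap are assumptions, and the decision is only returned to the caller rather than pushed into iptables.

```perl
#!/usr/bin/perl
use strict;
use warnings;

use constant BASE_BLOCK => 4 * 3600;     # first offence: 4 hours, as in the post
use constant MAX_BLOCK  => 7 * 86400;    # assumed cap so doubling cannot grow forever

my %blocked;    # ip => { expires => epoch seconds, duration => seconds }

# A remote (non-loopback) host that says it is localhost is lying in its HELO.
sub helo_is_bogus {
    my ($ip, $helo) = @_;
    return 0 if $ip =~ /^127\./ || $ip eq '::1';
    return lc($helo) =~ /^localhost(?:\.localdomain)?\.?$/ ? 1 : 0;
}

# Returns ('REJECT', text) or ('CONTINUE', ''). $now is a parameter so the
# escalation can be replayed against recorded timestamps.
sub check_connection {
    my ($ip, $helo, $now) = @_;
    my $entry = $blocked{$ip};
    if ($entry && $now < $entry->{expires}) {
        # Reconnected while still blocked: double the wait period, up to the cap.
        $entry->{duration} *= 2;
        $entry->{duration} = MAX_BLOCK if $entry->{duration} > MAX_BLOCK;
        $entry->{expires} = $now + $entry->{duration};
        return ('REJECT', "550 5.7.1 $ip blocked for $entry->{duration}s");
    }
    delete $blocked{$ip};    # an expired entry starts over from the base period
    if (helo_is_bogus($ip, $helo)) {
        $blocked{$ip} = { expires => $now + BASE_BLOCK, duration => BASE_BLOCK };
        return ('REJECT', "550 5.7.1 bogus HELO; $ip blocked for " . BASE_BLOCK . "s");
    }
    return ('CONTINUE', '');
}

# Constructed sample session: [ip, HELO argument, seconds since start].
my @events = (
    ['192.150.1.3', 'localhost.localdomain', 0],
    ['192.150.1.3', 'mail.example.org',      3600],            # retry inside the block
    ['192.0.2.10',  'mx.example.net',        3700],            # unrelated sender
    ['192.150.1.3', 'mail.example.org',      3600 + 28800 + 1],    # after expiry
);
for my $e (@events) {
    my ($ip, $helo, $t) = @$e;
    my ($action, $msg) = check_connection($ip, $helo, $t);
    printf "t=%-6d %-12s HELO %-22s -> %s %s\n", $t, $ip, $helo, $action, $msg;
}
```

A long-running filter would keep `%blocked` in a persistent store shared between worker processes and expire old entries, since each process here sees only its own hash.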